skills-cli
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous command-line templates using
bunxandnpxto interact with theskillsandskvltCLI tools. These commands allow the agent to perform package management tasks such as installation, listing, and updating skills. - [EXTERNAL_DOWNLOADS]: The skill's primary purpose is to guide the agent in downloading and installing external agent skills from remote sources, including GitHub (specifically
github.com/xixu-me/skills), GitLab, and theskills.shregistry. To minimize security risks, the instructions mandate that the agent performs a quality check—evaluating install counts, repository popularity, and publisher reputation—before recommending a skill to the user.
Audit Metadata